Abstract

Netalyzr, at http://netalyzr.net, is a widely used network measurement and debugging tool, with over 180,000 executions to date. Netalyzr is a signed Java applet coupled to a custom suite of test servers in order to detect and debug problems with DNS , NATs, hidden HTTP proxies, and other issues. Netalyzr has revealed many problems in the Internet landscape, ranging from broken NAT DNS resolvers, hidden caches and malfunctioning proxies, to deliberate ISP manipulations of DNS results, including some ISPs which use DNS to man-in-the-middle search properties like Yahoo, Google, and Bing. Although Netalyzr is a network measurement tool, writing it was a network security process, designed to detect unusual conditions by deliberately bending (or outright breaking) protocol specifications, using unintended features of Java, and a general dose of “sneaky”.

This talk discusses the design of Netalyzr, interesting cases observed during development, and highlights some of the interesting results including HTTP caches, hidden proxies, chronic overbuffering, and DNS misbehaviors.